This repository has been archived by the owner on Apr 26, 2023. It is now read-only.
forked from inakianduaga/doorman-auth-proxy
conf.js
/*global process*/
'use strict';
// ==================
// General config
// ==================
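/**
 * Turn the comma-separated DOORMAN_PUBLIC_PATHS value into a list of matchers.
 *
 * Every entry exempts requests from authentication, so this list is part of
 * the proxy's access policy. An entry without the '|reg' marker is kept as a
 * plain string (documented as matching on the beginning of a path, so '/about'
 * matches '/about/me'). An entry containing '|reg' has the first occurrence of
 * the marker removed and the remainder compiled into a RegExp.
 *
 * @param {string|undefined} rawPaths - raw value of DOORMAN_PUBLIC_PATHS,
 *   e.g. "/about/,/robots.txt".
 * @returns {Array<string|RegExp>|string|undefined} the parsed entries, or the
 *   falsy input unchanged when the variable is unset or empty.
 */
function parsePublicPaths(rawPaths) {
  if (!rawPaths) {
    return rawPaths;
  }

  return rawPaths.split(',').map((entry) => {
    // Entries without the regular-expression marker are used as written.
    if (entry.indexOf('|reg') === -1) {
      return entry;
    }

    const pattern = entry.replace('|reg', '');
    try {
      // NOTE(review): the pattern is compiled exactly as supplied, without
      // anchoring. Confirm how the request handler applies it; an unanchored
      // pattern can exempt more paths than the operator intended.
      return new RegExp(pattern);
    } catch (e) {
      // An invalid pattern falls back to the plain string, as before, but an
      // authentication-bypass rule that silently changes meaning is worth a
      // line in the startup log.
      console.warn(`DOORMAN_PUBLIC_PATHS: invalid regular expression "${pattern}", using it as a plain path`);
      return pattern;
    }
  });
}

var conf = {
  // Port to listen on; defaults to the usual Doorman port.
  port: process.env.DOORMAN_PORT || 8085,

  // Secure port for HTTPS connections. SSL certificate options MUST be set when enabled.
  securePort: process.env.DOORMAN_SECURE_PORT,

  // Force Transport Layer Security (TLS). Secure port and SSL certificates must be set.
  // NOTE(review): this is the raw environment string, so any non-empty value
  // (including "false") is truthy if the consumer tests it as a boolean - confirm.
  forceTLS: process.env.DOORMAN_FORCE_TLS,

  // URL for OAuth callbacks, default autodetect.
  hostname: process.env.DOORMAN_HOSTNAME,

  // Upstream service that authenticated requests are forwarded to.
  proxyTo: {
    host: process.env.DOORMAN_PROXY_HOST,
    port: process.env.DOORMAN_PROXY_PORT
  },

  // Only the exact string 'true' enables the robots header.
  addRobotsHeader: process.env.DOORMAN_ROBOTS_HEADER === 'true',

  // Session cookie options, see: https://github.com/expressjs/cookie-session
  sessionCookie: {
    name: '__doorman',
    // Milliseconds until expiration (four days). This used to fall back from
    // DOORMAN_PROXY_PORT, which turned the upstream port number into the
    // session lifetime whenever a proxy port was configured. Introduce a
    // dedicated environment variable if the lifetime must be configurable.
    maxage: 4 * 24 * 60 * 60 * 1000,
    // If no secret is supplied a new one is generated on every start, so each
    // process gets a different value. Set DOORMAN_SECRET when sessions should
    // survive a restart or be accepted by more than one instance.
    secret: process.env.DOORMAN_SECRET || require('crypto').randomBytes(64).toString('hex')
  },

  // Paths that bypass doorman and do not need any authentication. Matches on the
  // beginning of paths; for example '/about' matches '/about/me'.
  // Append '|reg' to an entry to have it treated as a regular expression.
  // example: DOORMAN_PUBLIC_PATHS="/about/,/robots.txt"
  publicPaths: parsePublicPaths(process.env.DOORMAN_PUBLIC_PATHS),

  modules: {} // populated individually below
};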
// SSL config: attached only when a secure port was configured above.
// NOTE(review): nothing here verifies that the key and certificate paths are
// actually set, although the securePort option says they MUST be - confirm the
// server fails to start rather than serving without TLS when they are missing.
if (conf.securePort) {
  const sslFiles = {};
  sslFiles.keyFile = process.env.DOORMAN_SSL_KEYFILE;
  sslFiles.certFile = process.env.DOORMAN_SSL_CERTFILE;
  sslFiles.caFile = process.env.DOORMAN_SSL_CAFILE;
  conf.ssl = sslFiles;
}
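// DOORMAN_MODULES selects which authentication modules are configured below.
// Without it no login method would be set up, so startup is aborted.
var modules = process.env.DOORMAN_MODULES;
if (!modules) {
  console.log('must specify comma-separated DOORMAN_MODULES environment variable');
  process.exit(1);
}
// Trim each name so that a value such as "github, google" enables both
// modules; previously ' google' matched nothing and was silently dropped.
// NOTE(review): names that match no module below are still ignored without a
// message - confirm how the server behaves when conf.modules ends up empty.
modules = modules.split(',').map((name) => name.trim());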
// ==================
// Github Auth
// ==================
if (modules.indexOf('github') !== -1) {
  // Register a new oauth app on Github at
  // https://github.com/account/applications/new
  const githubEmails = process.env.DOORMAN_GITHUB_REQUIRED_EMAIL;

  conf.modules.github = {
    // OAuth client credentials; appSecret must stay out of logs and source control.
    appId: process.env.DOORMAN_GITHUB_APPID,
    appSecret: process.env.DOORMAN_GITHUB_APPSECRET,

    entryPath: '/oauth/github',
    callbackPath: '/oauth/github/callback',

    // Comma-separated list of github email addresses that can authenticate.
    // example: DOORMAN_GITHUB_REQUIRED_EMAIL="user1@example.com,user2@example.com"
    // Entries are not trimmed, so the list must not contain spaces.
    requiredEmail: githubEmails ? githubEmails.split(',') : githubEmails,

    // Short organization name a user must belong to. The value is passed on as
    // the raw environment string; it is not split into a list here.
    // NOTE(review): when neither requiredEmail nor requiredOrganization is set
    // both are undefined - confirm whether the github module then admits any
    // GitHub account.
    requiredOrganization: process.env.DOORMAN_GITHUB_REQUIRED_ORGANIZATION
  };
}
// ==================
// Password based
// ==================
if (modules.indexOf('password') !== -1) {
  // Simple password login, make sure you choose a very secure password.
  // The token is a single shared secret: any user that knows it can log in.
  // NOTE(review): if DOORMAN_PASSWORD_TOKEN is unset the token is undefined -
  // confirm the password module rejects every login in that case.
  const sharedToken = process.env.DOORMAN_PASSWORD_TOKEN;
  conf.modules.password = { token: sharedToken };
}
// ==================
// Google Auth
// ==================
if (modules.indexOf('google') !== -1) {
  // Register a new oauth app on Google Apps at
  // https://code.google.com/apis/console
  const googleEmails = process.env.DOORMAN_GOOGLE_REQUIRED_EMAIL;
  const googleDomains = process.env.DOORMAN_GOOGLE_REQUIRED_DOMAIN;

  conf.modules.google = {
    // OAuth client credentials; appSecret must stay out of logs and source control.
    appId: process.env.DOORMAN_GOOGLE_APPID,
    appSecret: process.env.DOORMAN_GOOGLE_APPSECRET,

    // When set, the user must authenticate with an account associated with one
    // of the emails in the comma-separated list.
    // example: DOORMAN_GOOGLE_REQUIRED_EMAIL="user1@gmail.com,user2@gmail.com"
    requiredEmail: googleEmails ? googleEmails.split(',') : googleEmails,

    // When set, the user must be a member of one of the comma-separated
    // domains; membership of ANY listed domain is enough.
    // NOTE(review): with both restrictions unset both values are undefined -
    // confirm whether the google module then admits any Google account.
    requiredDomain: googleDomains ? googleDomains.split(',') : googleDomains
  };
}
// Export the assembled configuration object. It carries the session secret,
// the OAuth app secrets and the password token of any enabled module, so it
// should never be logged or serialized as a whole.
module.exports = conf;